VPN / DNS oddity.

Skruf

Occasional Visitor
Hey,
I've stumbled on something I do not understand and thought I'd post it so someone could let me know what I'm missing...

I run a VM that has Pi-hole/Unbound and NSD running for DNS service... Running on the local network.

On the router both WAN and LAN (DHCP) DNS servers are set to the above internal DNS server (192.168.1.x). The VPN is set to Policy Rules (Strict) and Exclusive on the Accept DNS configuration.

If I use DHCP to issue an IP address to any client going through the VPN or if I have a static IP address (with local DNS servers) then I get a DNS leak showing on the VPN.

If I set the static IP address and use external DNS servers (9.9.9.9, etc) there is no DNS leak.

If someone can help me understand that I'd appreciate it. Thanks.
 

Skruf

Occasional Visitor
Hey,

Yes, and no... The DNS servers are no longer going through a VPN. After putting them through the WAN is where I noticed the difference.
 

Skruf

Occasional Visitor
Hey,

FWIW, this is how I solved my issue...

I enabled the JFFS partition and formatted it on the follow up boot. Then I created a dnsmasq.conf.add file (in /jffs/configs/) and entered the following in it:

Code:
dhcp-option=tag:vpndns,option:dns-server,10.10.10.1,10.10.10.2
dhcp-mac=set:vpndns,xx:xx:xx:xx:xx:xx
After that a reboot...

The DNS servers are bogus as the VPN is forcing the clients to use their servers. The "vpndns" is obviously the tag I used and the dhcp-mac line defines the clients (their MAC) using the defined DNS servers.

Mainly I just wanted to be able to use DHCP on the router to keep things simple and uniform with the rest of the network. So far it seems to do what I want it to... until I break it again...

Best.
 

sl4fko

Regular Contributor
I'd like to borrow this topic for a few moments...


I have NordVPN on my AC86U configured with both NordVPN custom DNSs.


Question:
Can I (should I?) use DoT DNS privacy protocol or it doesn't make sense anymore because of both NordVPN custom DNSs?

Thanks!
 

Markster

Senior Member
I'd like to borrow this topic for a few moments...


I have NordVPN on my AC86U configured with both NordVPN custom DNSs.


Question:
Can I (should I?) use DoT DNS privacy protocol or it doesn't make sense anymore because of both NordVPN custom DNSs?

Thanks!
Both will be secured. If you decide to use DNSSEC and DoT set OpenVPN client DNS to Disabled. If you want to use NordVPN DNS set OpenVPN DNS to Exclusive. DoT would be faster and can be as secured as NordVPN DNS
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top